As with everything in life, being secure comes down to being cautious, reasonable and thinking logically. Security is serious business, and WordPress security is always a big issue.
Although the WordPress.org development team is quick to release security patches and updates, the same cannot be said about WordPress themes and plugins made by independent developers.
WordPress best practices keep WordPress websites secure.
There are lots of WordPress security plugins, but it’s not enough to just leave it to some 3rd party plugin to take care of your business. It’s up to you to keep WordPress safe and get all angles covered.
1. Choose Wisely and Update Regularly
WordPress updates don’t just bring cool new features and options; they also patch security vulnerabilities and fix bugs.
When installing themes and plugins, make sure they’re being updated regularly and that the author is responding to support questions. Often a premium WordPress product gets you a premium service, as well. Whatever you choose, check whether the product is made with best practices in mind; this will ensure there are no compatibility or security issues.
Always use trusted sources, and for free stuff this means the official WordPress theme or plugin repositories. If you want to use commercial themes or plugins, do your research and find out about the quality of the author.
2. Don’t Go With the Defaults
This one’s a tip from our developer Slobodan: codex.wordpress.org is a large knowledge base, so whenever you have doubts about anything WordPress, try to find your answers there first. There’s a whole section on security and I would like to point out the security through obscurity part:
- Don’t ever use the default administrator username – “admin”
- The default WordPress database prefix is “wp_”, and by changing this prefix you’ll repel some SQL injection attacks
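A quick way to check both defaults on an existing site, as an added example (not code from WordPress or from this post). It assumes you pass in the text of wp-config.php and a list of account logins yourself; the sample values are constructed.

```python
import re

# Active `$table_prefix = '...';` assignment; commented-out lines do not match.
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)

# Constructed sample data, not taken from a real site.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
// $table_prefix = 'site7_';
$table_prefix = 'wp_';
"""
SAMPLE_LOGINS = ["Admin", "jane.editor"]


def table_prefix(wp_config_text):
    """Return the configured prefix, or None if there is no active assignment."""
    matches = PREFIX_RE.findall(wp_config_text)
    # If the file assigns it twice, PHP keeps the last value.
    return matches[-1][1] if matches else None


def audit_defaults(wp_config_text, user_logins):
    """List the defaults from the two tips above that are still in place."""
    findings = []
    prefix = table_prefix(wp_config_text)
    if prefix is None:
        findings.append("no $table_prefix assignment found")
    elif prefix == "wp_":
        findings.append("database prefix is still the default 'wp_'")
    for login in user_logins:
        # Compare case-insensitively so 'Admin' and 'ADMIN' are caught too.
        if login.strip().lower() == "admin":
            findings.append(f"default administrator username in use: {login}")
    return findings


if __name__ == "__main__":
    for finding in audit_defaults(SAMPLE_CONFIG, SAMPLE_LOGINS):
        print("WARNING:", finding)
```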
3. Backup Your WordPress
Every single person has a story to tell about how they lost data. Data loss is such a real problem for many people. You can imagine going to sleep at night with your phone under your pillow. When you wake up, all your phone contacts are gone and the messages also deleted, plus music and pictures too.
The reason for this loss is that you forgot to lock your touch screen and as you tossed and turned over the night, you kept directing your phone to clear up your data. Imagine if this was to happen to your business’ data.
Backups keep you safe not only from server failures and incompatible software updates, but also from hackers. Of course, you will not sleep on the servers that contain your databases but then there are ways that you can lose the data. In fact, there are lots of ways that you can lose this data from a database.
Best WordPress Backup Options
There are several backup plugins available for your WordPress database. The best of these include the following.
BackupBuddy is favored because it provides a comprehensive backup solution for WordPress sites. It gives you the opportunity to back up to a variety of destinations, not just a hard drive. With BackupBuddy you can store backups on Amazon Web Services, Rackspace, Dropbox and even email.
The backup process is completed fast and effortlessly thanks to the push-button solutions that it offers. All you need to do is pick where you would like to store your backups and how frequently you want them to occur, and you will be good to go.
UpdraftPlus is completely free, unlike the aforementioned BackupBuddy. It is straightforward and user friendly. It will support backups to Amazon Web Services, FTP, Dropbox, Rackspace and email. It also works wonderfully with Google Drive plus many other storage solutions.
There is a premium version of UpdraftPlus and it comes with added features, such as automatic updates, reporting, no advertisements, site migrator, and so forth.
BackUpWordPress is another plugin that is extremely popular. It allows you to back up your WordPress site automatically. This plugin includes scheduling so that you are able to create a different schedule for your files and your database. Setting it up is effortless and it is completely user-friendly.
The only problem with this one is that if you would like to store your backups anywhere else other than your email or hard drive then you will have to purchase an extension. This plugin comes with an extension for individual cloud storage, which includes Dropbox and Google Drive.
Backing up your content is important. Setting up a database backup is not exactly the simplest of tasks, but if you have a good database administrator, you will be able to save yourself a lot of effort.
The time you would spend creating backups, securing the database and handling other security tasks can be saved by using backup plugins and hiring a remote database administrator. It is easy and it really does help the business grow unaffected by technicalities.
4. Reduce Credentials
People need only credentials that are enough for them to do their job. It basically means you should practice proper management and use of roles and capabilities. Nobody who’s only writing articles or editing posts needs administrative rights.
Your admin account should only be used when you’re performing administrative tasks, updating your WordPress installation, installing or uninstalling themes and plugins or for other major changes.
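To make the roles-and-capabilities idea concrete, here is an added example (not code from WordPress or from this post) that finds the least-privileged built-in role covering what each person actually does and flags accounts holding more. The capability names are real WordPress capabilities, but the table is an abbreviated subset, and the user list with its "needs" column is constructed.

```python
# Built-in single-site roles from least to most privileged, with an
# abbreviated subset of the capabilities each adds over the previous role.
ROLE_ADDS = [
    ("subscriber", {"read"}),
    ("contributor", {"edit_posts", "delete_posts"}),
    ("author", {"publish_posts", "upload_files", "edit_published_posts"}),
    ("editor", {"edit_others_posts", "edit_pages", "publish_pages",
                "moderate_comments", "manage_categories"}),
    ("administrator", {"manage_options", "install_plugins", "activate_plugins",
                       "install_themes", "update_core", "edit_users"}),
]
ORDER = [name for name, _ in ROLE_ADDS]

# Constructed sample: who holds which role, and what their job requires.
SAMPLE_USERS = [
    {"login": "writer1", "role": "administrator",
     "needs": {"edit_posts", "publish_posts", "upload_files"}},
    {"login": "copydesk", "role": "administrator",
     "needs": {"edit_others_posts", "moderate_comments"}},
    {"login": "siteowner", "role": "administrator",
     "needs": {"install_plugins", "update_core"}},
    {"login": "guest", "role": "contributor", "needs": {"edit_posts"}},
]


def role_caps(role):
    """Capabilities of a role: its own additions plus every lower role's."""
    caps = set()
    for name, adds in ROLE_ADDS:
        caps |= adds
        if name == role:
            return caps
    raise ValueError(f"unknown role: {role}")


def least_privileged_role(needed):
    """Lowest built-in role whose capabilities cover everything needed."""
    for name in ORDER:
        if set(needed) <= role_caps(name):
            return name
    raise ValueError(f"no built-in role grants: {sorted(needed)}")


def over_privileged(users):
    """Return (login, current role, sufficient role) for excess privileges."""
    report = []
    for user in users:
        minimal = least_privileged_role(user["needs"])
        if ORDER.index(user["role"]) > ORDER.index(minimal):
            report.append((user["login"], user["role"], minimal))
    return report
```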
5. Use Strong Passwords
This one is simple. Use long pass-phrases, special characters and numbers for every single password. Don’t use the same password for different accounts. Enable the “Force Strong Passwords” feature in your WordPress dashboard.
6. Security Plugins
There are several security plugins for WordPress, but only two worth mentioning. They are:
Most plugins give a false sense of security, but these two will get you covered for just about any eventuality. You shouldn’t think twice when enabling the “limit login attempts” feature, and for everything else there’s an explanation in the documentation. You should also harden WordPress security through the .htaccess configuration file.
WordPress is growing at an unimaginable rate and so is the number of malicious WordPress attacks. Use and install only those products which are absolutely necessary to run your website. This applies to both themes and plugins. The more stuff you add the more stuff you need to maintain. If you need
Themes that have lots of features have a lot more stuff that can break and are generally more susceptible to hacker attacks. Free things are not always good. Take a look at this post about Why You Should Never Search For Free Premium WordPress Themes.
If you’re maintaining and updating WordPress regularly, limiting credentials, using strong passwords and scheduled backups, you’re pretty much protected from anything malicious out there.
If you suspect you’ve been under attack or infected, try this How to Clean a WordPress Hack guide by Sucuri. These guys specialize in website security and offer professional service in maintaining and disinfecting websites.
If you have any recommendations on how to secure WordPress websites, share them with me in the comments section below.